Neil J. RubenkingBitdefender Anti-RansomwareBitdefender Anti-Ransomware vaccinates your PC against infection by four specific ransomware families, and testing shows that it does the job. But you'll need some other kind of protection to handle other ransomware families, and other malware in general.

Prevents infection by specific ransomware families using vaccination technique. Lightweight. Free for personal or business use.

Cons

Does nothing against other ransomware families.

Bottom Line

Bitdefender Anti-Ransomware vaccinates your PC against infection by four specific ransomware families, and testing shows that it does the job. But you'll need some other kind of protection to handle other ransomware families, and other malware in general.

Smallpox killed many hundreds of thousands before Edward Jenner worked out a technique for vaccination, a treatment that mimicked the effects of having already suffered and recovered from the disease. Bitdefender Anti-Ransomware uses a similar technique to keep your PCs safe from ransomware infection—similar enough that the company calls it ransomware vaccination. This free product offers protection against attack by a very specific collection of ransomware families. It isn't even remotely a general-purpose antivirus tool, but it does exactly what it promises to do.

Similar Products

The key to this technique lies in the fact that the cybercrooks who inflict ransomware on the world don't want it to infect the same PC twice. Such a double whammy might make it impossible to decrypt files, even if the victim coughed up the ransom. The first round of infestation by the recent Petya ransomware simply checked for the presence of a certain file, and called off its attack if that file was present. (Sorry, folks: Petya's current version isn't so easily defeated.)

Bitdefender Anti-Ransomware uses a variety of techniques to convince specific families of ransomware that your PC is already infected, thereby deflecting their attacks. It specifically works on TeslaCrypt, BTC-Locker, Locky, and the first version of Petya. For defense against any other encrypting ransomware attack, you'll need a full-blown ransomware protection utility.

Getting Started with Bitdefender Anti-Ransomware

This product is a free download, and you can use it on any PC at all. Unlike many free antivirus utilities, there's no restriction against using it in a commercial setting. Download it, install it, and you're done.

Initially, I had the impression that users would run the utility once and be done with it. I was a bit surprised to find that it launches at startup and keeps running in the background. My contact at Bitdefender explained the mere presence of a static file isn't sufficient to convince some ransomware families that the system is already infected. For those tougher cases, an always-on background process is necessary.

Vaccinated!

With Bitdefender Anti-Ransomware on the job, I released my collection of real-world ransomware samples one by one, in an isolated virtual machine. The product did exactly what it promised to do.

The TeslaCrypt ransomware behaves in a predictable fashion. The sample I use pretends to be a legitimate, digitally signed utility, but its installer drops a random-named malware executable in the Documents folder. That secondary program proceeds to encrypt your documents, and then displays its ransomware demand. With Bitdefender active, I saw the secondary program appear, launch, and quit—without doing any dirty deeds.

My BTC-Locker sample also pretends to be something legitimate, though it doesn't bother with using a random-named secondary program. It, too, launched, ran for a while, and then exited, without encrypting any files. The same thing happened with my sample from the Locky ransomware family. It launched, ran for a while, and terminated, with no damage to the test system.

I don't have a Petya sample, but my experience with the other three ransomware families demonstrates that Bitdefender Anti-Ransomware does indeed prevent attacks by those families.

Not Vaccinated

Of course, matters were quite different when I released another three samples, ransomware threats from families not included in this product's vaccination. In each case, the ransomware silently encrypted important files and then displayed its ransom demand.

This makes perfect sense. A smallpox vaccine doesn't protect you against cholera. Even that flu shot you get every fall only protects against certain strains of influenza. Bitdefender is completely effective against the ransomware families it targets, and completely ineffective against anything else. The product itself makes that point very clear, suggesting that you upgrade to full-scale Bitdefender protection. Indeed, Bitdefender Antivirus Plus successfully detected all of my ransomware samples and prevented them from doing any harm.

One of the missed samples belonged to the Cerber family, which most experts agree is the most widespread ransomware family at present. My Bitdefender contacts said that they're researching the possibility of adding a vaccine for Cerber, but couldn't promise a timeline.

Other Defenses

Rather than look for signs of specific, known ransomware threats, the most effective tools instead watch for behavior that indicates ransomware activity. Whether the attacker is the scion of a well-known ransomware family or an utter upstart, never seen before, this sort of tool should recognize it by its actions.

The use of behavior-based detection does mean that you may occasionally lose some files while the ransomware protection tool is busy analyzing behavior. For example, while Malwarebytes Anti-Ransomware did successfully and eliminate all of my samples, a Cerber-family threat encrypted several files before it was quashed. That same sample completely eluded Cybereason RansomFree.

Malwarebytes and RansomFree are both free products. From my experience thus far, you get better ransomware protection if you're willing to pay a little. At $1.99 per month, Check Point ZoneAlarm Anti-Ransomware isn't expensive. And in testing it both detected all the samples and completely reversed their actions, leaving no files encrypted.

One Layer of Protection

Bitdefender Anti-Ransomware's vaccination technique cleverly subverts ransomware's need to avoid double infection. For specific, known ransomware families, it makes your PC look like it's already infected. However, outside of that known collection, it does nothing, so you can't use it alone. At the very least, combine this product with a full-scale antivirus, or with a free behavior-based ransomware protection tool such as Malwarebytes Anti-Ransomware or Cybereason RansomFree.

Even if you choose to pay a little for our Editors' Choice, Check Point ZoneAlarm Anti-Ransomware, you still need protection against other types of malware. Check out our reviews of antivirus and free antivirus tools, and make your choice.

Bitdefender Anti-Ransomware

Bottom Line: Bitdefender Anti-Ransomware vaccinates your PC against infection by four specific ransomware families, and testing shows that it does the job. But you'll need some other kind of protection to handle other ransomware families, and other malware in general.

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted b... See Full Bio

Bitdefender Anti-Ransomware

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.